How keep multiple Ubuntu servers up to date

Once you have over three Ubuntu servers or desktops to manage it can be really useful to have a tool to help keep all their packages up to date. Put simply, you can’t keep logging into to each computer, checking and installing updates manually. I am not talking about configuring Ubuntu in the first place (you would do this is Ansible / Puppet etc). I’m just talking about installing periodic package upgrades.

For me the specific technical requirements of this tool would be:

The ability to see the state of all servers on one screen

Granular control to upgrade a single or multiple servers at once.

Granular control to upgrade a single or multiple or all packages at once

The general user / business requirements would be:

A simple easy to use piece of software with fast learning curve.

Good security protocols.

Good value for money.

Well maintained

Open source (optional)

I did some research, I found and tested following tools:

apt-dater – This is my preferred solution. Apt-Dater is an easy to use command line tool. The command line apperance is actually an advantage over a web based system because you can actually ssh into the computer directly from apt-dater itself. I.e. you can can see the packages being installed and then ssh in to fix any issues if they occur. It is very easy to configure.

Ubuntu Landscape – This is a paid for, closed source, hosted service run by Cannonical and is design specifically for Ubuntu. It was the only tool I found with a web interface and coming with lots of additional features like monitoring. To test it, I signed up and used it for a year on two servers. It was really easy to use and met all my technical requirements. However it has one major problem… frankly it was poor value for money. The problem stems from the fact that you can only purchase the server management tools as part of a complete support package called Ubuntu Advantage. I generally don’t need support just the tools and a manual. However, when I tested the support they let me down. It was a lot slower and provided lower quality solutions than simply using a combination of Google and AskUbuntu. At the time of writing, it cost £201.68 per server. I have around 18 servers + 6 desktops and so if I rolled it out to all servers it would cost £4,015.24 per year. I normally think of IT investment over a 5 year period and would have spent over £20,000 in this time. This isn’t outragous for support but it is if you just want Landscape. Therefore, I could invest a little more time finding an alternative.

Puppet / Chef / Ansible etc – Using a server configuration tool might be another approach. You can configure these configuration tools to update the packages to the latest versions. However, once your server setup becomes more complex, it is impractical to completely automate the upgrading of packages. What if you don’t want MySQL upgrade as soon it hits the repositories? What happens if the kernel is upgraded? I feel it is a good idea to look at the upgrades before they are implemented and I don’t think that you can acheive this using these configuration tools.

cront-apt/apticron – Obviously, you could use a simple cron script to automatically upgrade the servers at say 3am every day. However, like configuration tools, I feel you need to look at the upgrades before they are implemented.